Alexei Podtelezhnikov pushed to branch master at FreeType / FreeType
Commits:
-
22befeef
by Alexei Podtelezhnikov at 2021-10-07T22:41:56-04:00
-
0313a11c
by Alexei Podtelezhnikov at 2021-10-07T22:43:12-04:00
-
946df221
by Alexei Podtelezhnikov at 2021-10-07T22:44:53-04:00
10 changed files:
- docs/CHANGES
- include/freetype/fttypes.h
- include/freetype/internal/tttypes.h
- include/freetype/t1tables.h
- src/cff/cffgload.c
- src/cid/cidgload.c
- src/cid/cidload.c
- src/cid/cidload.h
- src/psaux/psft.c
- src/truetype/ttgload.c
Changes:
| 1 |
+CHANGES BETWEEN 2.11.0 and 2.11.1
|
|
| 2 |
+ |
|
| 3 |
+ I. IMPORTANT CHANGES
|
|
| 4 |
+ |
|
| 5 |
+ - Some fields in the `CID_FaceDictRec`, `CID_FaceInfoRec`, and
|
|
| 6 |
+ `FT_Data` structures have been changed from signed to unsigned
|
|
| 7 |
+ type, which better reflects the actual usage. It is also an
|
|
| 8 |
+ additional means to protect against malformed input.
|
|
| 9 |
+ |
|
| 10 |
+ |
|
| 11 |
+======================================================================
|
|
| 12 |
+ |
|
| 1 | 13 |
CHANGES BETWEEN 2.10.4 and 2.11.0
|
| 2 | 14 |
|
| 3 | 15 |
I. IMPORTANT CHANGES
|
| ... | ... | @@ -413,7 +413,7 @@ FT_BEGIN_HEADER |
| 413 | 413 |
typedef struct FT_Data_
|
| 414 | 414 |
{
|
| 415 | 415 |
const FT_Byte* pointer;
|
| 416 |
- FT_Int length;
|
|
| 416 |
+ FT_UInt length;
|
|
| 417 | 417 |
|
| 418 | 418 |
} FT_Data;
|
| 419 | 419 |
|
| ... | ... | @@ -1734,7 +1734,7 @@ FT_BEGIN_HEADER |
| 1734 | 1734 |
FT_UInt glyph_index;
|
| 1735 | 1735 |
|
| 1736 | 1736 |
FT_Stream stream;
|
| 1737 |
- FT_Int byte_len;
|
|
| 1737 |
+ FT_UInt byte_len;
|
|
| 1738 | 1738 |
|
| 1739 | 1739 |
FT_Short n_contours;
|
| 1740 | 1740 |
FT_BBox bbox;
|
| ... | ... | @@ -360,7 +360,7 @@ FT_BEGIN_HEADER |
| 360 | 360 |
|
| 361 | 361 |
FT_UInt num_subrs;
|
| 362 | 362 |
FT_ULong subrmap_offset;
|
| 363 |
- FT_Int sd_bytes;
|
|
| 363 |
+ FT_UInt sd_bytes;
|
|
| 364 | 364 |
|
| 365 | 365 |
} CID_FaceDictRec;
|
| 366 | 366 |
|
| ... | ... | @@ -415,8 +415,8 @@ FT_BEGIN_HEADER |
| 415 | 415 |
FT_ULong xuid[16];
|
| 416 | 416 |
|
| 417 | 417 |
FT_ULong cidmap_offset;
|
| 418 |
- FT_Int fd_bytes;
|
|
| 419 |
- FT_Int gd_bytes;
|
|
| 418 |
+ FT_UInt fd_bytes;
|
|
| 419 |
+ FT_UInt gd_bytes;
|
|
| 420 | 420 |
FT_ULong cid_count;
|
| 421 | 421 |
|
| 422 | 422 |
FT_Int num_dicts;
|
| ... | ... | @@ -59,7 +59,7 @@ |
| 59 | 59 |
|
| 60 | 60 |
|
| 61 | 61 |
*pointer = (FT_Byte*)data.pointer;
|
| 62 |
- *length = (FT_ULong)data.length;
|
|
| 62 |
+ *length = data.length;
|
|
| 63 | 63 |
|
| 64 | 64 |
return error;
|
| 65 | 65 |
}
|
| ... | ... | @@ -94,7 +94,7 @@ |
| 94 | 94 |
|
| 95 | 95 |
|
| 96 | 96 |
data.pointer = *pointer;
|
| 97 |
- data.length = (FT_Int)length;
|
|
| 97 |
+ data.length = (FT_UInt)length;
|
|
| 98 | 98 |
|
| 99 | 99 |
face->root.internal->incremental_interface->funcs->free_glyph_data(
|
| 100 | 100 |
face->root.internal->incremental_interface->object, &data );
|
| ... | ... | @@ -63,7 +63,7 @@ |
| 63 | 63 |
#endif
|
| 64 | 64 |
|
| 65 | 65 |
|
| 66 |
- FT_TRACE1(( "cid_load_glyph: glyph index %d\n", glyph_index ));
|
|
| 66 |
+ FT_TRACE1(( "cid_load_glyph: glyph index %u\n", glyph_index ));
|
|
| 67 | 67 |
|
| 68 | 68 |
#ifdef FT_CONFIG_OPTION_INCREMENTAL
|
| 69 | 69 |
|
| ... | ... | @@ -76,20 +76,17 @@ |
| 76 | 76 |
|
| 77 | 77 |
error = inc->funcs->get_glyph_data( inc->object,
|
| 78 | 78 |
glyph_index, &glyph_data );
|
| 79 |
- if ( error )
|
|
| 79 |
+ if ( error || glyph_data.length < cid->fd_bytes )
|
|
| 80 | 80 |
goto Exit;
|
| 81 | 81 |
|
| 82 | 82 |
p = (FT_Byte*)glyph_data.pointer;
|
| 83 |
- fd_select = cid_get_offset( &p, (FT_Byte)cid->fd_bytes );
|
|
| 83 |
+ fd_select = cid_get_offset( &p, cid->fd_bytes );
|
|
| 84 | 84 |
|
| 85 |
- if ( glyph_data.length != 0 )
|
|
| 86 |
- {
|
|
| 87 |
- glyph_length = (FT_ULong)( glyph_data.length - cid->fd_bytes );
|
|
| 85 |
+ glyph_length = glyph_data.length - cid->fd_bytes;
|
|
| 88 | 86 |
|
| 89 |
- if ( !FT_QALLOC( charstring, glyph_length ) )
|
|
| 90 |
- FT_MEM_COPY( charstring, glyph_data.pointer + cid->fd_bytes,
|
|
| 91 |
- glyph_length );
|
|
| 92 |
- }
|
|
| 87 |
+ if ( !FT_QALLOC( charstring, glyph_length ) )
|
|
| 88 |
+ FT_MEM_COPY( charstring, glyph_data.pointer + cid->fd_bytes,
|
|
| 89 |
+ glyph_length );
|
|
| 93 | 90 |
|
| 94 | 91 |
inc->funcs->free_glyph_data( inc->object, &glyph_data );
|
| 95 | 92 |
|
| ... | ... | @@ -104,7 +101,7 @@ |
| 104 | 101 |
/* For ordinary fonts read the CID font dictionary index */
|
| 105 | 102 |
/* and charstring offset from the CIDMap. */
|
| 106 | 103 |
{
|
| 107 |
- FT_UInt entry_len = (FT_UInt)( cid->fd_bytes + cid->gd_bytes );
|
|
| 104 |
+ FT_UInt entry_len = cid->fd_bytes + cid->gd_bytes;
|
|
| 108 | 105 |
FT_ULong off1, off2;
|
| 109 | 106 |
|
| 110 | 107 |
|
| ... | ... | @@ -114,10 +111,10 @@ |
| 114 | 111 |
goto Exit;
|
| 115 | 112 |
|
| 116 | 113 |
p = (FT_Byte*)stream->cursor;
|
| 117 |
- fd_select = cid_get_offset( &p, (FT_Byte)cid->fd_bytes );
|
|
| 118 |
- off1 = cid_get_offset( &p, (FT_Byte)cid->gd_bytes );
|
|
| 114 |
+ fd_select = cid_get_offset( &p, cid->fd_bytes );
|
|
| 115 |
+ off1 = cid_get_offset( &p, cid->gd_bytes );
|
|
| 119 | 116 |
p += cid->fd_bytes;
|
| 120 |
- off2 = cid_get_offset( &p, (FT_Byte)cid->gd_bytes );
|
|
| 117 |
+ off2 = cid_get_offset( &p, cid->gd_bytes );
|
|
| 121 | 118 |
FT_FRAME_EXIT();
|
| 122 | 119 |
|
| 123 | 120 |
if ( fd_select >= (FT_ULong)cid->num_dicts ||
|
| ... | ... | @@ -41,7 +41,7 @@ |
| 41 | 41 |
/* read a single offset */
|
| 42 | 42 |
FT_LOCAL_DEF( FT_ULong )
|
| 43 | 43 |
cid_get_offset( FT_Byte* *start,
|
| 44 |
- FT_Byte offsize )
|
|
| 44 |
+ FT_UInt offsize )
|
|
| 45 | 45 |
{
|
| 46 | 46 |
FT_ULong result;
|
| 47 | 47 |
FT_Byte* p = *start;
|
| ... | ... | @@ -275,7 +275,7 @@ |
| 275 | 275 |
if ( (FT_ULong)num_dicts > stream->size / 100 )
|
| 276 | 276 |
{
|
| 277 | 277 |
FT_TRACE0(( "parse_fd_array: adjusting FDArray size"
|
| 278 |
- " (from %ld to %ld)\n",
|
|
| 278 |
+ " (from %ld to %lu)\n",
|
|
| 279 | 279 |
num_dicts,
|
| 280 | 280 |
stream->size / 100 ));
|
| 281 | 281 |
num_dicts = (FT_Long)( stream->size / 100 );
|
| ... | ... | @@ -560,12 +560,12 @@ |
| 560 | 560 |
|
| 561 | 561 |
/* read the subrmap's offsets */
|
| 562 | 562 |
if ( FT_STREAM_SEEK( cid->data_offset + dict->subrmap_offset ) ||
|
| 563 |
- FT_FRAME_ENTER( ( num_subrs + 1 ) * (FT_UInt)dict->sd_bytes ) )
|
|
| 563 |
+ FT_FRAME_ENTER( ( num_subrs + 1 ) * dict->sd_bytes ) )
|
|
| 564 | 564 |
goto Fail;
|
| 565 | 565 |
|
| 566 | 566 |
p = (FT_Byte*)stream->cursor;
|
| 567 | 567 |
for ( count = 0; count <= num_subrs; count++ )
|
| 568 |
- offsets[count] = cid_get_offset( &p, (FT_Byte)dict->sd_bytes );
|
|
| 568 |
+ offsets[count] = cid_get_offset( &p, dict->sd_bytes );
|
|
| 569 | 569 |
|
| 570 | 570 |
FT_FRAME_EXIT();
|
| 571 | 571 |
|
| ... | ... | @@ -805,7 +805,7 @@ |
| 805 | 805 |
face->root.stream->size - parser->data_offset )
|
| 806 | 806 |
{
|
| 807 | 807 |
FT_TRACE0(( "cid_face_open: adjusting length of binary data\n" ));
|
| 808 |
- FT_TRACE0(( " (from %ld to %ld bytes)\n",
|
|
| 808 |
+ FT_TRACE0(( " (from %lu to %lu bytes)\n",
|
|
| 809 | 809 |
parser->binary_length,
|
| 810 | 810 |
face->root.stream->size - parser->data_offset ));
|
| 811 | 811 |
parser->binary_length = face->root.stream->size -
|
| ... | ... | @@ -833,10 +833,10 @@ |
| 833 | 833 |
|
| 834 | 834 |
/* sanity tests */
|
| 835 | 835 |
|
| 836 |
- if ( cid->fd_bytes < 0 || cid->gd_bytes < 1 )
|
|
| 836 |
+ if ( cid->gd_bytes == 0 )
|
|
| 837 | 837 |
{
|
| 838 | 838 |
FT_ERROR(( "cid_face_open:"
|
| 839 |
- " Invalid `FDBytes' or `GDBytes' value\n" ));
|
|
| 839 |
+ " Invalid `GDBytes' value\n" ));
|
|
| 840 | 840 |
error = FT_THROW( Invalid_File_Format );
|
| 841 | 841 |
goto Exit;
|
| 842 | 842 |
}
|
| ... | ... | @@ -853,7 +853,7 @@ |
| 853 | 853 |
}
|
| 854 | 854 |
|
| 855 | 855 |
binary_length = face->cid_stream->size - cid->data_offset;
|
| 856 |
- entry_len = (FT_ULong)( cid->fd_bytes + cid->gd_bytes );
|
|
| 856 |
+ entry_len = cid->fd_bytes + cid->gd_bytes;
|
|
| 857 | 857 |
|
| 858 | 858 |
for ( n = 0; n < cid->num_dicts; n++ )
|
| 859 | 859 |
{
|
| ... | ... | @@ -879,8 +879,7 @@ |
| 879 | 879 |
dict->private_dict.blue_fuzz = 1;
|
| 880 | 880 |
}
|
| 881 | 881 |
|
| 882 |
- if ( dict->sd_bytes < 0 ||
|
|
| 883 |
- ( dict->num_subrs && dict->sd_bytes < 1 ) )
|
|
| 882 |
+ if ( dict->num_subrs && dict->sd_bytes == 0 )
|
|
| 884 | 883 |
{
|
| 885 | 884 |
FT_ERROR(( "cid_face_open: Invalid `SDBytes' value\n" ));
|
| 886 | 885 |
error = FT_THROW( Invalid_File_Format );
|
| ... | ... | @@ -903,11 +902,10 @@ |
| 903 | 902 |
goto Exit;
|
| 904 | 903 |
}
|
| 905 | 904 |
|
| 906 |
- /* `num_subrs' is scanned as a signed integer */
|
|
| 907 |
- if ( (FT_Int)dict->num_subrs < 0 ||
|
|
| 908 |
- ( dict->sd_bytes &&
|
|
| 909 |
- dict->num_subrs > ( binary_length - dict->subrmap_offset ) /
|
|
| 910 |
- (FT_UInt)dict->sd_bytes ) )
|
|
| 905 |
+ /* The first condition prevents the multiplication overflow */
|
|
| 906 |
+ if ( dict->num_subrs > UINT_MAX / 4 ||
|
|
| 907 |
+ dict->num_subrs * dict->sd_bytes >
|
|
| 908 |
+ binary_length - dict->subrmap_offset )
|
|
| 911 | 909 |
{
|
| 912 | 910 |
FT_ERROR(( "cid_face_open: Invalid `SubrCount' value\n" ));
|
| 913 | 911 |
error = FT_THROW( Invalid_File_Format );
|
| ... | ... | @@ -37,7 +37,7 @@ FT_BEGIN_HEADER |
| 37 | 37 |
|
| 38 | 38 |
FT_LOCAL( FT_ULong )
|
| 39 | 39 |
cid_get_offset( FT_Byte** start,
|
| 40 |
- FT_Byte offsize );
|
|
| 40 |
+ FT_UInt offsize );
|
|
| 41 | 41 |
|
| 42 | 42 |
FT_LOCAL( FT_Error )
|
| 43 | 43 |
cid_face_open( CID_Face face,
|
| ... | ... | @@ -742,13 +742,13 @@ |
| 742 | 742 |
/* For ordinary fonts get the character data stored in the face record. */
|
| 743 | 743 |
{
|
| 744 | 744 |
glyph_data.pointer = type1->charstrings[glyph_index];
|
| 745 |
- glyph_data.length = (FT_Int)type1->charstrings_len[glyph_index];
|
|
| 745 |
+ glyph_data.length = type1->charstrings_len[glyph_index];
|
|
| 746 | 746 |
}
|
| 747 | 747 |
|
| 748 | 748 |
if ( !error )
|
| 749 | 749 |
{
|
| 750 | 750 |
FT_Byte* charstring_base = (FT_Byte*)glyph_data.pointer;
|
| 751 |
- FT_ULong charstring_len = (FT_ULong)glyph_data.length;
|
|
| 751 |
+ FT_ULong charstring_len = glyph_data.length;
|
|
| 752 | 752 |
|
| 753 | 753 |
|
| 754 | 754 |
FT_ASSERT( charstring_base + charstring_len >= charstring_base );
|
| ... | ... | @@ -778,7 +778,7 @@ |
| 778 | 778 |
face = (T1_Face)decoder->builder.face;
|
| 779 | 779 |
|
| 780 | 780 |
data.pointer = buf->start;
|
| 781 |
- data.length = (FT_Int)( buf->end - buf->start );
|
|
| 781 |
+ data.length = (FT_UInt)( buf->end - buf->start );
|
|
| 782 | 782 |
|
| 783 | 783 |
if ( face->root.internal->incremental_interface )
|
| 784 | 784 |
face->root.internal->incremental_interface->funcs->free_glyph_data(
|
| ... | ... | @@ -1392,7 +1392,7 @@ |
| 1392 | 1392 |
FT_READ_USHORT( n_ins ) )
|
| 1393 | 1393 |
return error;
|
| 1394 | 1394 |
|
| 1395 |
- FT_TRACE5(( " Instructions size = %d\n", n_ins ));
|
|
| 1395 |
+ FT_TRACE5(( " Instructions size = %hu\n", n_ins ));
|
|
| 1396 | 1396 |
|
| 1397 | 1397 |
/* check it */
|
| 1398 | 1398 |
max_ins = loader->face->max_profile.maxSizeOfInstructions;
|
| ... | ... | @@ -1400,10 +1400,10 @@ |
| 1400 | 1400 |
{
|
| 1401 | 1401 |
/* don't trust `maxSizeOfInstructions'; */
|
| 1402 | 1402 |
/* only do a rough safety check */
|
| 1403 |
- if ( (FT_Int)n_ins > loader->byte_len )
|
|
| 1403 |
+ if ( n_ins > loader->byte_len )
|
|
| 1404 | 1404 |
{
|
| 1405 | 1405 |
FT_TRACE1(( "TT_Process_Composite_Glyph:"
|
| 1406 |
- " too many instructions (%d) for glyph with length %d\n",
|
|
| 1406 |
+ " too many instructions (%hu) for glyph with length %u\n",
|
|
| 1407 | 1407 |
n_ins, loader->byte_len ));
|
| 1408 | 1408 |
return FT_THROW( Too_Many_Hints );
|
| 1409 | 1409 |
}
|
| ... | ... | @@ -1686,7 +1686,7 @@ |
| 1686 | 1686 |
FT_ZERO( &inc_stream );
|
| 1687 | 1687 |
FT_Stream_OpenMemory( &inc_stream,
|
| 1688 | 1688 |
glyph_data.pointer,
|
| 1689 |
- (FT_ULong)glyph_data.length );
|
|
| 1689 |
+ glyph_data.length );
|
|
| 1690 | 1690 |
|
| 1691 | 1691 |
loader->stream = &inc_stream;
|
| 1692 | 1692 |
}
|
| ... | ... | @@ -1694,8 +1694,7 @@ |
| 1694 | 1694 |
|
| 1695 | 1695 |
#endif /* FT_CONFIG_OPTION_INCREMENTAL */
|
| 1696 | 1696 |
|
| 1697 |
- offset = tt_face_get_location( face, glyph_index,
|
|
| 1698 |
- (FT_UInt*)&loader->byte_len );
|
|
| 1697 |
+ offset = tt_face_get_location( face, glyph_index, &loader->byte_len );
|
|
| 1699 | 1698 |
|
| 1700 | 1699 |
if ( loader->byte_len > 0 )
|
| 1701 | 1700 |
{
|
| ... | ... | @@ -1714,7 +1713,7 @@ |
| 1714 | 1713 |
|
| 1715 | 1714 |
error = face->access_glyph_frame( loader, glyph_index,
|
| 1716 | 1715 |
face->glyf_offset + offset,
|
| 1717 |
- (FT_UInt)loader->byte_len );
|
|
| 1716 |
+ loader->byte_len );
|
|
| 1718 | 1717 |
if ( error )
|
| 1719 | 1718 |
goto Exit;
|
| 1720 | 1719 |
|
| ... | ... | @@ -1849,7 +1848,7 @@ |
| 1849 | 1848 |
/* (which consists of 10 bytes) */
|
| 1850 | 1849 |
error = face->access_glyph_frame( loader, glyph_index,
|
| 1851 | 1850 |
face->glyf_offset + offset + 10,
|
| 1852 |
- (FT_UInt)loader->byte_len - 10 );
|
|
| 1851 |
+ loader->byte_len - 10 );
|
|
| 1853 | 1852 |
if ( error )
|
| 1854 | 1853 |
goto Exit;
|
| 1855 | 1854 |
|
| ... | ... | @@ -2105,7 +2104,7 @@ |
| 2105 | 2104 |
FT_UInt num_base_subgs = gloader->base.num_subglyphs;
|
| 2106 | 2105 |
|
| 2107 | 2106 |
FT_Stream old_stream = loader->stream;
|
| 2108 |
- FT_Int old_byte_len = loader->byte_len;
|
|
| 2107 |
+ FT_UInt old_byte_len = loader->byte_len;
|
|
| 2109 | 2108 |
|
| 2110 | 2109 |
|
| 2111 | 2110 |
FT_GlyphLoader_Add( gloader );
|